SCIENTIFIC-LINUX-ERRATA Archives

November 2018

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Pat Riehecky
Date: Mon, 26 Nov 2018 18:20:56 -0000

Synopsis:          Moderate: curl and nss-pem security and bug fix update
Advisory ID:       SLSA-2018:3157-1
Issue Date:        2018-10-30
CVE Numbers:       CVE-2018-1000007
                   CVE-2018-1000120
                   CVE-2018-1000121
                   CVE-2018-1000122
                   CVE-2018-1000301
--

Security Fix(es):

* curl: HTTP authentication leak in redirects (CVE-2018-1000007)

* curl: FTP path trickery leads to NIL byte out of bounds write
(CVE-2018-1000120)

* curl: RTSP RTP buffer over-read (CVE-2018-1000122)

* curl: Out-of-bounds heap read when missing RTSP headers allows
information leak or denial of service (CVE-2018-1000301)

* curl: LDAP NULL pointer dereference (CVE-2018-1000121)
--

SL7
  x86_64
    curl-7.29.0-51.el7.x86_64.rpm
    curl-debuginfo-7.29.0-51.el7.i686.rpm
    curl-debuginfo-7.29.0-51.el7.x86_64.rpm
    libcurl-7.29.0-51.el7.i686.rpm
    libcurl-7.29.0-51.el7.x86_64.rpm
    nss-pem-1.0.3-5.el7.i686.rpm
    nss-pem-1.0.3-5.el7.x86_64.rpm
    nss-pem-debuginfo-1.0.3-5.el7.i686.rpm
    nss-pem-debuginfo-1.0.3-5.el7.x86_64.rpm
    libcurl-devel-7.29.0-51.el7.i686.rpm
    libcurl-devel-7.29.0-51.el7.x86_64.rpm

- Scientific Linux Development Team
